3
Etherscan has issued a warning to users after a victim received 89 address-poisoning emails in under 30 minutes following just two stablecoin transfers.
The incident, shared publicly by a user identified as Nima on X, has put a spotlight on how automated and high-volume these attack campaigns have become on Ethereum. Nima stated that the flood of alerts was triggered by address-poisoning transactions created specifically to insert lookalike addresses into his wallet’s transaction history. The goal is to trick users into copying the wrong address the next time they send funds. “So many will fall victim to this,” he warned.
Why is Etherscan warning users?
Although address poisoning is not a brand-new strategy on Ethereum, its current scope has significantly changed. Attackers use automated systems to create addresses that resemble the first and last characters of valid addresses a user has previously interacted with, after keeping an eye on blockchain activity for active wallets. These fictitious addresses are then used to send small, almost worthless transfers that show up in the target’s transaction history.
Address poisoning attacks are getting out of hand. I just sent two stablecoin transactions and received +89 emails from my Etherscan address watch alert notifications.
It took them <30 mins to create all of these on mainnet.
So many will fall victim to this. pic.twitter.com/H1nGaMMprE
— Nima 👁️ (@0xNimaRa) February 13, 2026
A user may send money straight to the attacker if they later go to make a transfer and copy an address from their history without carefully checking it. According to a 2025 study that looked at activity from July 2022 to June 2024, there were about 17 million poisoning attempts on Ethereum alone, targeting about 1.3 million users, with at least $79.3 million in confirmed losses.
Poisoning transfers are 1,355% more common on chains with lower transaction fees, such as BSC, than on Ethereum. On Ethereum, the success rate of a single poisoning attempt is approximately 0.01%. Attackers only need a few to be successful by sending millions of poison transfers. The cost of thousands of unsuccessful attempts can be covered by a single, sizable transfer that ends up in the wrong wallet.
Fusaka upgrade made attacks cheaper
Activated on December 3, 2025, the Fusaka upgrade brought scalability enhancements that lowered Ethereum transaction costs. Ethereum processed an average of 30% more transactions per day in the 90 days following the upgrade compared to the 90 days prior, and there were roughly 78% more new addresses created every day.
Following Fusaka, there was a sharp increase in dust transfer activity, which is a common delivery method for poisoning attempts. $USDT dust transfers under $0.01 increased by 612%, from 4.2 million to 29.9 million. USDC dust transfers increased from 2.6 million to 14.9 million, a 473% increase. Dust transfers of $ETH and DAI also experienced sharp increases during that time.
https://t.co/SBZoEtLqM0
— etherscan.eth (@etherscan) March 12, 2026
These days, attackers frequently send $ETH and tokens in bulk to freshly created spoof addresses in a single transaction. Dust transfers are then sent to each of the intended targets separately by those spoof addresses. The total cost of operating this process at high volume is very low due to reduced fees.
Additionally, research revealed that in many campaigns, several attackers race to get their lookalike address into the target’s history by sending poison transfers to the same address within minutes of a legitimate transaction. Thirteen poison transfers were planted within minutes of a valid $USDT transfer in one documented instance.
Recent losses in 2026 highlight the stakes
Address poisoning is not a minor inconvenience, as evidenced by the magnitude of recent losses. A well-known cryptocurrency user known as Sillytuna lost about $24 million in aEthUSDC at the beginning of March 2026 after a spoof address was added to their transaction history.
Shortly after the theft, the attacker started exchanging the stolen assets, according to on-chain analysis. Reports of violent threats against the victim further complicated the case. In just two months, address-poisoning scams cost Ethereum users a total of $62 million, according to a February 2026 KuCoin report. In January 2026, one of those incidents resulted in a single loss of about $12.25 million, or about 4,556 $ETH at the time.
Etherscan gives users the means to defend themselves
The best defense, according to Etherscan, is to always confirm the complete destination address before transferring money. Without requiring users to manually go through high transaction volumes, the platform actively labels spoofing addresses, flags and conceals zero-value token transfers, and tags spoofed tokens to highlight possible poisoning attempts.
Users can visually differentiate between addresses that appear similar thanks to Etherscan’s Address Highlight feature. One address is probably a poisoning attempt if two addresses look almost identical but are not highlighted in the same way.
Additionally, users are advised to create an address book via their wallet, use private name tags for frequently used addresses, and pay attention to pop-up reminders that show up when copying addresses associated with questionable activity.
decrypt.co
protos.com
cointelegraph.com
coindesk.com + 12 more
